Watchdog Group: Google Desktop Huge Security Risk

A high-profile privacy watchdog group has a terse warning for business and consumers: Do not use the new version of Google Desktop.

The nonprofit Electronic Frontier Foundation said a new feature added to Google Desktop on Feb. 9 is a serious privacy and security risk because of the way a user's data is stored on Google's servers.

The new "Share Across Computers" feature stores Web browsing history, Microsoft Office documents, PDF and text files on Google's servers to allow a user to run remote searches from multiple computers. But according to the EFF, this presents a lucrative target to malicious hackers.

"[We urge] consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password," the EFF said in a statement.

Google says it has to store the data on its own servers to deal with situations when one of a user's computers may be turned off or otherwise be offline when new or updated items are indexed on a different machine.

Google said users can use a "Clear my Files" button to manually remove all files from its servers or a "Don't Search These Items" preference to remove specific files and folders from the software's index.

The EFF isn't impressed, especially coming on the heels of what it calls "serious consumer concern about government snooping into Google's search logs."

"It is shocking that Google expects its users to now trust it with the contents of their personal computers," said EFF staff attorney Kevin Bankston.

"Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index," he added.

In a strongly worded statement, Bankston warned that the government could demand access to personal files with only a subpoena rather than the search warrant it would need to seize the same things from a user's home or business.

"Other litigants — your spouse, your business partners or rivals, whoever — could also try to cut out the middleman (you) and subpoena Google for your files," he argued.

Security analysts have long warned enterprises against the use of desktop search software because of the serious risk of data theft and sensitive information exposure.

Google itself has struggled with security in the Google Desktop software.

In November 2004, the company rushed out a patch for a security vulnerability that put users at risk of man-in-the-middle data leak attacks.

Check out eWEEK.com'sSecurity Centerfor the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center EditorLarry Seltzer's Weblog.